7:42 a.m.
Hello Miloslav, and all the guys!
We use audit-viewer for events monitoring.
Unfortunately, if some log is rather big it takes to much time for audit-viewer to parse
and render it.
Besides, we need to render log updates in real time, i.e. when a new line appears in a
log, it should appear in a viewer too.
Can you suggest the better way to extend audit-viewer to meet these requirements?
Thanks in advance.
Kseniya Muratova,
11:50 a.m.
Hello,
Hello Miloslav, and all the guys!
We use audit-viewer for events monitoring.
Unfortunately, if some log is rather big it takes to much time for
audit-viewer to parse and render it.
Besides, we need to render log updates in real time, i.e. when a new line
appears in a log, it should appear in a viewer too.
Can you suggest the better way to extend audit-viewer to meet these
requirements?
Well, write the code? Something like inotify could be useful. There isn’t any hidden
switch to enable these features, if that is what you are asking.
As for performance, I may have missed something but I think I have squeezed as much as can
be done with Python; improving performance further would very likely require a C
extension.
(audit-viewer is a PyGtk2 application, and at I’m afraid I don’t currently have plans to
port it to GTK+3/gobject-introspection or do any other non-trivial work on the project, at
least in the near term.)
Mirek
8:36 a.m.
On Wednesday, March 04, 2015 12:50:53 PM Miloslav Trmač wrote:
Hello,
> Hello Miloslav, and all the guys!
>
> We use audit-viewer for events monitoring.
> Unfortunately, if some log is rather big it takes to much time for
> audit-viewer to parse and render it.
> Besides, we need to render log updates in real time, i.e. when a new line
> appears in a log, it should appear in a viewer too.
> Can you suggest the better way to extend audit-viewer to meet these
> requirements?
Well, write the code? Something like inotify could be useful. There isn’t
any hidden switch to enable these features, if that is what you are asking.
As for performance, I may have missed something but I think I have squeezed
as much as can be done with Python; improving performance further would
very likely require a C extension.
And it also uses the auparse library underneath which might could use some
speeding up. There were some performance improvements over the last year. But
I don't know if that is enough to be noticeable in a high level application.
But it would be another obvious place that could be a performance bottleneck.
-Steve
(audit-viewer is a PyGtk2 application, and at I’m afraid I don’t
currently
have plans to port it to GTK+3/gobject-introspection or do any other
non-trivial work on the project, at least in the near term.) Mirek
6:45 a.m.
Free or pay for solutions? You have products like splunk and greybar that do a good job.
Managengine also has a log viewer that works OK. You will just need to pass audit logs to
syslog to use most products.
-
Ray Pittigher
--Exelis Inc, Clifton NJ
--phone 973-284-2275
--email raymond.pittigher(a)exelisinc.com
________________________________________
From: linux-audit-bounces(a)redhat.com [linux-audit-bounces(a)redhat.com] on behalf of Xeniya
Muratova [muratova(a)itsirius.su]
Sent: Wednesday, March 04, 2015 8:42 AM
To: mitr(a)redhat.com; linux-audit(a)redhat.com
Subject: log rendering in real time in audit-viewer
Hello Miloslav, and all the guys!
We use audit-viewer for events monitoring.
Unfortunately, if some log is rather big it takes to much time for audit-viewer to parse
and render it.
Besides, we need to render log updates in real time, i.e. when a new line appears in a
log, it should appear in a viewer too.
Can you suggest the better way to extend audit-viewer to meet these requirements?
Thanks in advance.
Kseniya Muratova,
--
Linux-audit mailing list
Linux-audit(a)redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
________________________________
This e-mail and any files transmitted with it may be proprietary and are intended solely
for the use of the individual or entity to whom they are addressed. If you have received
this e-mail in error please notify the sender. Please note that any views or opinions
presented in this e-mail are solely those of the author and do not necessarily represent
those of Exelis Inc. The recipient should check this e-mail and any attachments for the
presence of viruses. Exelis Inc. accepts no liability for any damage caused by any virus
transmitted by this e-mail.
3579
days inactive
3580
days old
linux-audit@lists.linux-audit.osci.io
3 comments
4 participants
participants (4)
-
Miloslav Trmač -
Pittigher, Raymond - Exelis -
Steve Grubb -
Xeniya Muratova